Microsoft reveals first known midterm campaign hacking attempts

Microsoft detected and helped block hacking attempts against three congressional candidates this year, a company executive said Thursday, marking the first known example of cyber interference in the midterm elections.

“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” said Tom Burt, Microsoft’s vice president for security and trust, at the Aspen Security Forum. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.”

Burt declined to name the targets but said they were “people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”

Microsoft took down the fake domain and worked with the federal government to block the phishing messages. Burt said that none of the targeted campaign staffers were infected.

Burt did not specify whether the hacking attempts originated from Russia.

Threat intelligence researchers at Microsoft and elsewhere are “not seeing the same level of activity by the Russian activity groups leading into the midterm elections that we could see when we look back at the 2016 elections,” Burt said.

For example, he said, Russian hackers are not targeting think tanks and academic experts like they did during the 2016 campaign.